Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-11061 | 1 Emc | 2 Rsa Netwitness, Rsa Security Analytics | 2019-10-09 | 9.0 HIGH | 9.1 CRITICAL |
RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges. | |||||
CVE-2014-0643 | 1 Emc | 2 Rsa Netwitness, Rsa Security Analytics | 2018-12-12 | 7.6 HIGH | N/A |
EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name. |